
Vulnerabilities of December 2021

If you find any errors, please report them on Twitter. -> Twitter《Har-sia》

Summary of vulnerabilities that drew attention this month

CVE-2021-37159

Description from NVD

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Information Acquisition Date:2022/01/01
CVSS 2.0: 4.4 MEDIUM CVSS 3.x: 6.4 MEDIUM

Highest Score:35 (2021/12/02)

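Vulnerability information: Har-sia CVE-2021-37159


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: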



CVE-2021-3772


Highest Score:35 (2021/12/02)

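Vulnerability information: Har-sia CVE-2021-3772


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: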



CVE-2021-38759

Description from NVD

Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.

Information Acquisition Date:2022/01/01
CVSS 2.0: 10.0 HIGH CVSS 3.x: 9.8 CRITICAL
This vulnerability may involve a PoC.

Highest Score:46 (2021/12/09)

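Vulnerability information: Har-sia CVE-2021-38759


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: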



CVE-2021-4044

Description from NVD

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).

Information Acquisition Date:2022/01/01
CVSS 2.0: 5.0 MEDIUM CVSS 3.x: 7.5 HIGH

Highest Score:83 (2021/12/25)

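Vulnerability information: Har-sia CVE-2021-4044


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: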



CVE-2021-40444

Description from NVD

Microsoft MSHTML Remote Code Execution Vulnerability

Information Acquisition Date:2022/01/01
CVSS 2.0: 6.8 MEDIUM CVSS 3.x: 7.8 HIGH
This vulnerability may involve a PoC.

Highest Score:268 (2021/09/08)

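Vulnerability information: Har-sia CVE-2021-40444


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: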



CVE-2021-4102


Highest Score:35 (2021/12/15)

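Vulnerability information: Har-sia CVE-2021-4102


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: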



CVE-2021-4104

Description from NVD

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Information Acquisition Date:2022/01/01
CVSS 2.0: 6.8 MEDIUM CVSS 3.x: 8.1 HIGH

Highest Score:36 (2021/12/14)

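Vulnerability information: Har-sia CVE-2021-4104


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: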



CVE-2021-42278

Description from NVD

Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42282, CVE-2021-42287, CVE-2021-42291.

Information Acquisition Date:2022/01/01
CVSS 2.0: 6.5 MEDIUM CVSS 3.x: 8.8 HIGH
This vulnerability may involve a PoC.

Highest Score:49 (2021/12/14)

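Vulnerability information: Har-sia CVE-2021-42278


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: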



CVE-2021-42287

Description from NVD

Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.

Information Acquisition Date:2022/01/01
CVSS 2.0: 6.5 MEDIUM CVSS 3.x: 8.8 HIGH
This vulnerability may involve a PoC.

Highest Score:49 (2021/12/14)

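Vulnerability information: Har-sia CVE-2021-42287


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: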



CVE-2021-43798

Description from NVD

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

Information Acquisition Date:2022/01/01
CVSS 2.0: 5.0 MEDIUM CVSS 3.x: 7.5 HIGH

Highest Score:64 (2021/12/09)

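Vulnerability information: Har-sia CVE-2021-43798


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: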



CVE-2021-43890

Description from NVD

Windows AppX Installer Spoofing Vulnerability

Information Acquisition Date:2022/01/01
CVSS 2.0: 6.0 MEDIUM CVSS 3.x: 7.1 HIGH

Highest Score:55 (2021/12/15)

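Vulnerability information: Har-sia CVE-2021-43890


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: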



CVE-2021-44077

Description from NVD

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.

Information Acquisition Date:2022/01/01
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

Highest Score:103 (2021/12/03)

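Vulnerability information: Har-sia CVE-2021-44077


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: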



CVE-2021-44228

Description from NVD

Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Information Acquisition Date:2022/01/01
CVSS 2.0: 9.3 HIGH CVSS 3.x: 10.0 CRITICAL
This vulnerability may involve a PoC.

Highest Score:1785 (2021/12/14)

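Vulnerability information: Har-sia CVE-2021-44228


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: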



CVE-2021-44515

Description from NVD

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.

Information Acquisition Date:2022/01/01
CVSS 2.0: 10.0 HIGH CVSS 3.x: 9.8 CRITICAL

Highest Score:38 (2021/12/07)

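Vulnerability information: Har-sia CVE-2021-44515


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: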



CVE-2021-44832

Description from NVD

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Information Acquisition Date:2022/01/01
CVSS 2.0: 6.0 MEDIUM CVSS 3.x: 6.6 MEDIUM

Highest Score:407 (2021/12/29)

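Vulnerability information: Har-sia CVE-2021-44832


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: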



CVE-2021-45046

Description from NVD

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Information Acquisition Date:2022/01/01
CVSS 2.0: 5.1 MEDIUM CVSS 3.x: 9.0 CRITICAL
This vulnerability may involve a PoC.

Highest Score:568 (2021/12/15)

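Vulnerability information: Har-sia CVE-2021-45046


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: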



CVE-2021-45105

Description from NVD

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Information Acquisition Date:2022/01/01
CVSS 2.0: 4.3 MEDIUM CVSS 3.x: 5.9 MEDIUM
This vulnerability may involve a PoC.

Highest Score:192 (2021/12/19)

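Vulnerability information: Har-sia CVE-2021-45105


Administrator's comment

(Machine translation) A machine translation will be inserted here when the vulnerabilities are summarized. Please wait until next month. (End of machine translation)

###---###

Reference URLs: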



17 items in total
